• 0xD@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    A username is not something “you are”, it’s something “you know”. Biometrics are not nearly the same as usernames.

    • Luci@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      A username is something you are. It’s you! You are 0xD.
      A password is something you know. A security key is something you have.

      When we interview security analysts you don’t get past the first round if you disagree.

      • 0xD@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        No, this username is one of the names I’ve chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that’s too much work. Just imagine me having done that and think about what you just wrote.

        I would be vary of the people agreeing with you on something so basic yet so wrong.

        An authentication factor is a unique identifier that shows that you possess something that others don’t. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren’t). And a password is something you know because… Bla bla bla.

        To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.